On Thu, 1 Oct 2015, jericho wrote:
: Is there an ETA on this? Yet another CNA has stepped up to follow IBM's
: lead in using the incorrect CVE that is very clearly labeled to be
: specific to one vendor (CVE-20141-8730), all the while IBM keeps using
: it in advisory after advisory after several warnings from me, and one
: from Steve Christey I believe.
Should be CVE-2014-8730, damn typos.
I sent a slightly stern mail to HP's security alert contact, reminding
them that a) 2014-8730 is not POODLE, but a 'variant of POODLE'
(something else they got wrong in the advisory), and b) 2014-8730 is
specific to F5 products, and that they should assign their own CVE
identifier to cover HP products.